Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3613

Опубликовано: 18 нояб. 2014
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Версия до 7.37.1 (включая)
cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
Версия до 7.37.1 (включая)
cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Версия до 10.10.4 (включая)

EPSS

Процентиль: 82%
0.0182
Низкий

5 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

ubuntu логотип

CVE-2014-3613

ubuntu
почти 11 лет назад

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

redhat логотип

CVE-2014-3613

redhat
около 11 лет назад

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

debian логотип

CVE-2014-3613

debian
почти 11 лет назад

cURL and libcurl before 7.38.0 does not properly handle IP addresses i ...

github логотип

GHSA-gcmw-6qh5-324w

github
больше 3 лет назад

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

oracle-oval логотип

ELSA-2015-2159

oracle-oval
почти 10 лет назад

ELSA-2015-2159: curl security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 82%
0.0182
Низкий

5 Medium

CVSS2

Дефекты

CWE-310